Starting from version 4.0, Sippy implemented an "IP Firewall" that you may find in the "Tools" section of the main menu.
From the 2021 version, the IP Firewall is available under the System Management - System Parameters section.
The Firewall configuration menu was added to limit access to SIP/Web/DB based on the IP address.
Example of default page:
Rules with IP address 0.0.0.0 and Netmask 0.0.0.0 mean ANY IP/ANY Subnet. On the screenshot you can see that by default, SIP/Web access is not restricted (this means that you may have Web/SIP access from any IP). Note that "access from any IP" doesn't mean that any IP may log in to your web interface bypassing the login credentials; it means that the login page would be visible to anyone who knows your IP address. The same applies to all other types of rules.
If a switch operator wants to restrict access (e.g. globally, for every entity in the system), he needs to first add the list of trusted IPs using the Rule "Allow", then he can Deny access with a global rule using the IP address 0.0.0.0 (blocking all IPs except the list of IPs added with the Rule "Allow").
Example for Web type:
Another possible approach (less secure) is to block only the list of suspicious/fraudulent IPs. In that case, you must leave the default rule with the IP address 0.0.0.0 and the Netmask 0.0.0.0 in the Allow state and add each fraudulent IP with a Deny rule.
Example for Web type:
The same approach works for all other types of rules (SIP/DB/SSH).
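The two approaches above, compared side by side in an added example (this is not Sippy code). The rule tuples, the sample addresses and the `decide`/`open_defaults` helpers are hypothetical, and the evaluation order is an assumption: the page does not say how rules are prioritised, so the sketch lets the most specific matching rule win, which is consistent with both descriptions above.

```python
import ipaddress

# Constructed rule tables (not exported from a real system). Each rule is
# (type, ip, netmask, action); addresses come from documentation ranges.
ALLOW_LIST = [
    ("Web", "198.51.100.0", "255.255.255.0", "Allow"),    # trusted subnet
    ("Web", "203.0.113.10", "255.255.255.255", "Allow"),  # trusted single host
    ("Web", "0.0.0.0", "0.0.0.0", "Deny"),                # global deny
]
DENY_LIST = [
    ("Web", "0.0.0.0", "0.0.0.0", "Allow"),               # default left open
    ("Web", "192.0.2.66", "255.255.255.255", "Deny"),     # suspicious host
]

def _net(ip, mask):
    # "0.0.0.0/0.0.0.0" parses to a /0 network, i.e. ANY IP/ANY Subnet.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def decide(rules, rule_type, source_ip):
    """Return the action of the most specific rule matching source_ip.

    ASSUMPTION: longest-prefix match wins; no matching rule means Deny.
    """
    src = ipaddress.ip_address(source_ip)
    matches = [(_net(ip, mask), action) for t, ip, mask, action in rules
               if t == rule_type and src in _net(ip, mask)]
    if not matches:
        return "Deny"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def open_defaults(rules):
    """Rule types whose 0.0.0.0/0.0.0.0 rule is still in the Allow state."""
    return sorted({t for t, ip, mask, action in rules
                   if _net(ip, mask).prefixlen == 0 and action == "Allow"})

if __name__ == "__main__":
    probes = ("198.51.100.25", "203.0.113.10", "192.0.2.66", "192.0.2.99")
    for name, rules in (("allow-list", ALLOW_LIST), ("deny-list", DENY_LIST)):
        for src in probes:
            print(f"{name:10} {src:15} -> {decide(rules, 'Web', src)}")
        print(f"{name:10} open default rules: {open_defaults(rules)}")
```

The unknown address 192.0.2.99 is denied under the allow-list table but admitted under the deny-list table, which is why the second approach is the less secure one.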
Warning: For your security please review your Firewall Rules and create rules to allow or deny access to your SoftSwitch. For some suggestions visit our support documentation here.
A warning message informs switch operators that default rules with IP address 0.0.0.0 and Netmask 0.0.0.0 are in "Allow" state and may be potential security concerns.
To resolve this issue there are two options:
1) Add the list of trusted IPs and set Rule = "Allow" for all types of services and then block the default rules with IP address 0.0.0.0 and Netmask 0.0.0.0 (this blocks access for all IPs except the allowed list of IPs)
2) Upload/generate a valid SSL certificate following the documentation below:
2) Deselect the security alerts in the "Security Alerts" section